Gotta Love 4Chan
25 September 2010, 11:43 PM
#1
Scooby Regular
Thread Starter
Join Date: May 2008
Posts: 3,957
Likes: 0
Received 0 Likes
on
0 Posts
Gotta Love 4Chan
ACS:Law Anti-Piracy Law Firm Torn Apart By Leaked Emails
Written by enigmax on September 25, 2010 Earlier this week, anti-piracy lawyers ACS:Law had their website taken down by a 4chan DDoS attack. Adding insult to injury, owner Andrew Crossley was harassed at home in the middle of the night by prank phone calls. Now, through a fault with his website, hundreds of megabytes of private emails have been exposed to the public and uploaded to The Pirate Bay. To those hoping that this is a MediaDefender-type fiasco all over again, trust us – it is.
After coordinating DDoS attacks against the MPAA, RIAA and anti-piracy company AiPlex Software this week, 4chan turned to a new target.
Anti-piracy lawyers ACS:Law, who send out tens of thousands of letters demanding cash-settlements from often innocent Internet subscribers, became the new target. The company, which is headed up by lone principal Andrew Crossley, is widely hated among file-sharers and innocents alike and with 4chan’s Operation Payback now in full swing, payback is the operative word.
After prank telephone calling Crossley in the middle of the night during the week, it now seems that 4chan are aiming to tear his professional life apart, as they have obtained and are distributing a 350mb file of the company’s website which includes countless company emails.
So how were they obtained?
“Their site came back online [after the DDoS attack] – and on their frontpage was accidentally a backup file of the whole website (default directory listing, their site was empty), including emails and passwords,” a leader of the attacking group told TorrentFreak. “The email contains billing passwords and some information that ACS:Law is having financial problems.”
Financial problems? Interesting. Many tens of thousands of people who received letters from ACS:Law are also experiencing the same problem, having already paid up several hundred pounds each to make non-existent lawsuits go away.
“We’re still sorting through it. There’s a lot of stuff here to go through. But, basically, we were told we were less important than a 10 minute late train, or a queue for coffee by Andrew,” the attackers’ spokesman told us, adding:
“Payback is a bitch, isn’t it Andrew?”
The file is currently seeding on The Pirate Bay but most leechers are stuck with less than 60%. It is, however, available publicly on the web already. We have managed to secure one of those copies and are examining it now.
A little taster from emails read so far:
– ACS:Law and USCG (of Hurt Locker fame) appear to be cooperating
– Crossley boasts that his retained lawyer “literally wrote the SRA rules!”
– Crossley accuses Which? of ‘defamation’ and articles designed to “demean” and “denigrate”
– Crossley gives veiled warnings to Which? that he could sue them for libel
– Internal documents reveal intentions to take down Slyck.com
– Email from ACS:Law client which states the following:
– Email evidence that ACS:Law deliberately does not target two UK ISPs, TalkTalk and Virgin Media
– Crossley writes to monitoring company NG3Sys and says the following:
- Crossley tells his assistant Terence Tsang to “be more discreet with this stuff” when referring to our article where we revealed ACS:Law looked to buy anti-piracy tracking software on the cheap.
Of course, as with our coverage of the MediaDefender leaked emails back in 2007, TorrentFreak’s coverage of this debacle will be extensive.
Written by enigmax on September 25, 2010 Earlier this week, anti-piracy lawyers ACS:Law had their website taken down by a 4chan DDoS attack. Adding insult to injury, owner Andrew Crossley was harassed at home in the middle of the night by prank phone calls. Now, through a fault with his website, hundreds of megabytes of private emails have been exposed to the public and uploaded to The Pirate Bay. To those hoping that this is a MediaDefender-type fiasco all over again, trust us – it is.
After coordinating DDoS attacks against the MPAA, RIAA and anti-piracy company AiPlex Software this week, 4chan turned to a new target.
Anti-piracy lawyers ACS:Law, who send out tens of thousands of letters demanding cash-settlements from often innocent Internet subscribers, became the new target. The company, which is headed up by lone principal Andrew Crossley, is widely hated among file-sharers and innocents alike and with 4chan’s Operation Payback now in full swing, payback is the operative word.
After prank telephone calling Crossley in the middle of the night during the week, it now seems that 4chan are aiming to tear his professional life apart, as they have obtained and are distributing a 350mb file of the company’s website which includes countless company emails.
So how were they obtained?
“Their site came back online [after the DDoS attack] – and on their frontpage was accidentally a backup file of the whole website (default directory listing, their site was empty), including emails and passwords,” a leader of the attacking group told TorrentFreak. “The email contains billing passwords and some information that ACS:Law is having financial problems.”
Financial problems? Interesting. Many tens of thousands of people who received letters from ACS:Law are also experiencing the same problem, having already paid up several hundred pounds each to make non-existent lawsuits go away.
“We’re still sorting through it. There’s a lot of stuff here to go through. But, basically, we were told we were less important than a 10 minute late train, or a queue for coffee by Andrew,” the attackers’ spokesman told us, adding:
“Payback is a bitch, isn’t it Andrew?”
The file is currently seeding on The Pirate Bay but most leechers are stuck with less than 60%. It is, however, available publicly on the web already. We have managed to secure one of those copies and are examining it now.
A little taster from emails read so far:
– ACS:Law and USCG (of Hurt Locker fame) appear to be cooperating
– Crossley boasts that his retained lawyer “literally wrote the SRA rules!”
– Crossley accuses Which? of ‘defamation’ and articles designed to “demean” and “denigrate”
– Crossley gives veiled warnings to Which? that he could sue them for libel
– Internal documents reveal intentions to take down Slyck.com
– Email from ACS:Law client which states the following:
Andrew,
Thank you for your email.
Our client remains concerned over the accuracy of the data that you provide and the methods used to obtain such data. It has been closely monitoring the recent press that your Firm has attracted regarding complaints to Which, in relation to demand letters that have incorrectly been sent to innocent internet subscribers, accused of copyright infringement. Your letter of 30 October 2009 was not satisfactory, in that it did not fully deal with the concerns raised in our letter of 21 July 2009, save as to state that you and your client disagree. Clearly there are flaws in your data gathering process. These are important and valid concerns that need to be satisfactorily addressed, so as to protect the rights of our client and innocent customers.
- Crossley brags about his financial status:Thank you for your email.
Our client remains concerned over the accuracy of the data that you provide and the methods used to obtain such data. It has been closely monitoring the recent press that your Firm has attracted regarding complaints to Which, in relation to demand letters that have incorrectly been sent to innocent internet subscribers, accused of copyright infringement. Your letter of 30 October 2009 was not satisfactory, in that it did not fully deal with the concerns raised in our letter of 21 July 2009, save as to state that you and your client disagree. Clearly there are flaws in your data gathering process. These are important and valid concerns that need to be satisfactorily addressed, so as to protect the rights of our client and innocent customers.
Spent much of the weekend looking for a new car. Finances are much better so can put £20-30k down. May go for a Lambo or Ferrari. I am so predictable!
(later emails reveal he bought a Jeep Compass 2.4CVT)– Email evidence that ACS:Law deliberately does not target two UK ISPs, TalkTalk and Virgin Media
– Crossley writes to monitoring company NG3Sys and says the following:
You are going to receive on average about £1,000.00 per 150 letters sent. This can be seen from the first tiny batch. Because we have good quality product being monitored and captures are high on the data we have, when the letters get sent out the figures therefore equate as follows:-
Phase 1: 2,500 letters, estimated revenue to you: £16,666.00
Phase 2: est. 4,000 letters, estimated revenue to: £26,666.00
Phase 3: est. 18,000 letters, estimated revenue to you: £120,000.00
That is data collated to date! I have more titles to give you, more data will be captured.
Please stay with this.
After falling out with NG3Sys, ACS:Law sent this out to other potential monitoring company:Phase 1: 2,500 letters, estimated revenue to you: £16,666.00
Phase 2: est. 4,000 letters, estimated revenue to: £26,666.00
Phase 3: est. 18,000 letters, estimated revenue to you: £120,000.00
That is data collated to date! I have more titles to give you, more data will be captured.
Please stay with this.
Dear Sirs,
I own and operate the most prominent law firm in the UK that carries out file sharing litigation. We are one of only two law firms in the UK currently carrying out this work.
We have a number of copyright clients and we have one client in particular,with a large number of copyright titles that have been collecting good numbrs of IP addresses. We have two phases run through and the latest phase has been collecting circa 20,000 IP addresses a month for UK alone. Germany also is gathering good figures.
Our current UK-based data monitoring company has let us down and we need to find another monitoring company to supply our IP data from now. There are currently 300 titles (all adult film titles – all legal and UK certificated) that were being actively monitored.
If you are interested in monitoring for us and to do so quickly, please let us know and we can talk further. We will be able to supply much more data if this works and would like to push the data into Germany also.
We are proposing to pay 10% of net revenues (after ISP costs and postage costs of letter=) to the data monitoring company. On current figures that equates to circa £8,800.00 (€9,750.00) to the monitoring company per 1,000 letters sent. Our next phase we anticipate 10,000 letters to be sent in the UK alone. These are estimates only, but based on current collections are accurate.
I look forward to hearing from you.
- Series of highly abusive emails from Crossley to his ex-wife, where in part he tells her to “**** off and keep out of my life” and accuses her of being with a “drug addled hermit”.I own and operate the most prominent law firm in the UK that carries out file sharing litigation. We are one of only two law firms in the UK currently carrying out this work.
We have a number of copyright clients and we have one client in particular,with a large number of copyright titles that have been collecting good numbrs of IP addresses. We have two phases run through and the latest phase has been collecting circa 20,000 IP addresses a month for UK alone. Germany also is gathering good figures.
Our current UK-based data monitoring company has let us down and we need to find another monitoring company to supply our IP data from now. There are currently 300 titles (all adult film titles – all legal and UK certificated) that were being actively monitored.
If you are interested in monitoring for us and to do so quickly, please let us know and we can talk further. We will be able to supply much more data if this works and would like to push the data into Germany also.
We are proposing to pay 10% of net revenues (after ISP costs and postage costs of letter=) to the data monitoring company. On current figures that equates to circa £8,800.00 (€9,750.00) to the monitoring company per 1,000 letters sent. Our next phase we anticipate 10,000 letters to be sent in the UK alone. These are estimates only, but based on current collections are accurate.
I look forward to hearing from you.
- Crossley tells his assistant Terence Tsang to “be more discreet with this stuff” when referring to our article where we revealed ACS:Law looked to buy anti-piracy tracking software on the cheap.
Of course, as with our coverage of the MediaDefender leaked emails back in 2007, TorrentFreak’s coverage of this debacle will be extensive.
26 September 2010, 09:46 AM
#3
Scooby Regular
Join Date: Apr 2004
Location: UK
Posts: 3,447
Likes: 0
Received 0 Likes
on
0 Posts
Did you see what he said to the Register?
Andrew Crossley, the head of ACS:Law, told The Register the attack was "typical rubbish from pirates".
"Big whoop," he added.
"It was only down for a few hours. I have far more concern over the fact of my train turning up 10 minutes late or having to queue for a coffee than them wasting my time with this sort of rubbish."
"Big whoop," he added.
"It was only down for a few hours. I have far more concern over the fact of my train turning up 10 minutes late or having to queue for a coffee than them wasting my time with this sort of rubbish."
28 September 2010, 03:43 PM
#7
Scooby Regular
Join Date: Apr 2004
Location: UK
Posts: 3,447
Likes: 0
Received 0 Likes
on
0 Posts
lulz 
http://www.theregister.co.uk/2010/09/28/acs_ico/
Originally Posted by The Reg
ACS:Law's mocking of 4chan could cost it £500k
Trending Topics
28 September 2010, 04:59 PM
#10
Scooby Regular
Thread Starter
Join Date: May 2008
Posts: 3,957
Likes: 0
Received 0 Likes
on
0 Posts
A bit like this board, but everyone is anonymous.
The culture is incredibly hard to explain, but they are basically online activists, mainly in the general public's interests, who can/have cost rouge companies Millions of Pounds in damages.
If you want to know what they are currently doing (Operation Payback, what the press are reporting at the minute) and how to get involved with DDoS attacks, see..
http://leetbaka.com/tpb/index
8000 sites were affected/still are from last nights attacks, for example. These are companies btw, that are trying to get dodgy laws implemented that will effect everyone's liberties/privacy on the Internet, it is no bad thing and it is not Hacking, like ACS Law seem to think it was, that was purely error and negligence on their part.
The culture is incredibly hard to explain, but they are basically online activists, mainly in the general public's interests, who can/have cost rouge companies Millions of Pounds in damages.
If you want to know what they are currently doing (Operation Payback, what the press are reporting at the minute) and how to get involved with DDoS attacks, see..
http://leetbaka.com/tpb/index
8000 sites were affected/still are from last nights attacks, for example. These are companies btw, that are trying to get dodgy laws implemented that will effect everyone's liberties/privacy on the Internet, it is no bad thing and it is not Hacking, like ACS Law seem to think it was, that was purely error and negligence on their part.
28 September 2010, 06:01 PM
#11
Scooby Regular
Join Date: Oct 2007
Location: Wanting the English to come first in England for a change!
Posts: 2,091
Likes: 0
Received 0 Likes
on
0 Posts
A bit like this board, but everyone is anonymous.
The culture is incredibly hard to explain, but they are basically online activists, mainly in the general public's interests, who can/have cost rouge companies Millions of Pounds in damages.
If you want to know what they are currently doing (Operation Payback, what the press are reporting at the minute) and how to get involved with DDoS attacks, see..
http://leetbaka.com/tpb/index
8000 sites were affected/still are from last nights attacks, for example. These are companies btw, that are trying to get dodgy laws implemented that will effect everyone's liberties/privacy on the Internet, it is no bad thing and it is not Hacking, like ACS Law seem to think it was, that was purely error and negligence on their part.
The culture is incredibly hard to explain, but they are basically online activists, mainly in the general public's interests, who can/have cost rouge companies Millions of Pounds in damages.
If you want to know what they are currently doing (Operation Payback, what the press are reporting at the minute) and how to get involved with DDoS attacks, see..
http://leetbaka.com/tpb/index
8000 sites were affected/still are from last nights attacks, for example. These are companies btw, that are trying to get dodgy laws implemented that will effect everyone's liberties/privacy on the Internet, it is no bad thing and it is not Hacking, like ACS Law seem to think it was, that was purely error and negligence on their part.
29 September 2010, 11:25 AM
#16
Scooby Regular
Thread Starter
Join Date: May 2008
Posts: 3,957
Likes: 0
Received 0 Likes
on
0 Posts
29 September 2010, 04:10 PM
#20
Scooby Regular
Interestingly Sky offered ACS law most of its information re alleged downloader’s
(Fantastic customer service from Sky - as ever)
Interesting too that the SKY news does not cover the story at all
I wonder if the two are related
(Fantastic customer service from Sky - as ever)
Interesting too that the SKY news does not cover the story at all
I wonder if the two are related
29 September 2010, 05:49 PM
#21
Scooby Regular
Join Date: Oct 2007
Location: Wanting the English to come first in England for a change!
Posts: 2,091
Likes: 0
Received 0 Likes
on
0 Posts
a collegue was browsing the orange website at lunch and it has a little news link, it led to a story in the business section about sky dropping all contracts with acs, and the possibilty of legal proceeding for breach of contract!
That'll teach!
That'll teach!
29 September 2010, 10:08 PM
#22
Scooby Senior
Join Date: Feb 2000
Location: West Midlands
Posts: 5,763
Likes: 0
Received 0 Likes
on
0 Posts
30 September 2010, 12:46 AM
#23
I was bored, so I downloaded 
. Took a bit of seraching to find the xls files. But bloody hell! 
Not found anyone I know yet though
As for Sky news? What do you expect? Its only ever reported what is in Sky and Newscorp's best interest (for example its been touting that Murdoch woman's "alledged" gaff all day long
).
. Took a bit of seraching to find the xls files. But bloody hell! Not found anyone I know yet though
As for Sky news? What do you expect? Its only ever reported what is in Sky and Newscorp's best interest (for example its been touting that Murdoch woman's "alledged" gaff all day long
).
30 September 2010, 07:44 AM
#25
Scooby Regular
in the percentage view of life you will be right about them, more than wrong
30 September 2010, 08:21 AM
#26
Scooby Regular
Join Date: Apr 2004
Location: UK
Posts: 3,447
Likes: 0
Received 0 Likes
on
0 Posts
If I was a sky broadband subscriber I would leave as a customer making sure I sited ACS law leak as the reason.
Time to make them aware that they have a responsibility too!
Time to make them aware that they have a responsibility too!
30 September 2010, 11:25 AM
#27
Scooby Regular
Thread Starter
Join Date: May 2008
Posts: 3,957
Likes: 0
Received 0 Likes
on
0 Posts
It's not just the fact they sent customer details in a non secure way, it is mainly the fact that neither of the companies bother to turn up at the court hearing to contest the allegations put forward by ACS Law.
TalkTalk said they would contest any and all attempts to for release of customer info, as reported in their blog, which to me is ironic, TalkTalk doing something right.
As reported widely in the media today, a list with names and addresses of some 8,000+ UK broadband users has been posted on the internet, along with details of adult films they are accused of sharing. The list belonged to ACS:Law, a law firm which writes letters to other ISPs’ customers that are accused by rightsholders of filesharing, demanding compensation payments.
I say ‘other’ because TalkTalk has never given any customer details to ACS:Law or any other law firm working on this basis, so our customers will not be affected by this breach.
It’s a stark reminder of the dangers of giving out customer details to third parties in trying to combat filesharing. While we do not condone illegal filesharing, we have consistently argued for better ways of combating copyright theft. Handing over customer details to law firms to seek ‘compensation’, based on accusations from rightsholders, is not the answer.
Tracking down illegal filesharers is complex and the current approach isn’t working. The first problem is around detection: if you can only see what’s being downloaded at each connection, how do you know which of the several users has actually infringed copyright?
Secondly, we’ve demonstrated before how it’s possible for connections to be hacked by serial filesharers. Again, this can result in false accusations being made against subscribers and is the key reason why we’ve refused to hand over our customers’ details to ACS:Law or any other law firm working in this way.
We have applied for a Judicial Review to re-evaluate the online infringement of copyright provisions of the Digital Economy Act which will use the same flawed detection methods and received insufficient Parliamentary scrutiny. You can get involved through the DEA Facebook page and Open Rights Group’s petition.
I say ‘other’ because TalkTalk has never given any customer details to ACS:Law or any other law firm working on this basis, so our customers will not be affected by this breach.
It’s a stark reminder of the dangers of giving out customer details to third parties in trying to combat filesharing. While we do not condone illegal filesharing, we have consistently argued for better ways of combating copyright theft. Handing over customer details to law firms to seek ‘compensation’, based on accusations from rightsholders, is not the answer.
Tracking down illegal filesharers is complex and the current approach isn’t working. The first problem is around detection: if you can only see what’s being downloaded at each connection, how do you know which of the several users has actually infringed copyright?
Secondly, we’ve demonstrated before how it’s possible for connections to be hacked by serial filesharers. Again, this can result in false accusations being made against subscribers and is the key reason why we’ve refused to hand over our customers’ details to ACS:Law or any other law firm working in this way.
We have applied for a Judicial Review to re-evaluate the online infringement of copyright provisions of the Digital Economy Act which will use the same flawed detection methods and received insufficient Parliamentary scrutiny. You can get involved through the DEA Facebook page and Open Rights Group’s petition.
30 September 2010, 11:36 AM
#28
Scooby Regular
yes I was impressed with TalkTalk's position on this too
also Virgin Media have said they will never hand over customer details -- but in the same report it said that ACS law have not gone after Virgin Customers do to widespread cloning of routers (so the information contained in any ISP logs is very very unreliable)
any decent lawyer with half an understanding of technology would rip ACS's case to shreds
also Virgin Media have said they will never hand over customer details -- but in the same report it said that ACS law have not gone after Virgin Customers do to widespread cloning of routers (so the information contained in any ISP logs is very very unreliable)
any decent lawyer with half an understanding of technology would rip ACS's case to shreds
30 September 2010, 11:47 AM
#29
Scooby Regular
Thread Starter
Join Date: May 2008
Posts: 3,957
Likes: 0
Received 0 Likes
on
0 Posts
An email dated 19th August 2010, Adam Glen, who advises Andrew Crossley at ACS:Law, wrote to them in relation to the Barwinska case, sort of tears their business model apart..
a. The claim was not defended so there was no challenge to the submissions by Davenport Lyons
b. The court accepted the Davenport Lyons quantum calculation without challenge
c. The model submitted by Davenport Lyons was based upon, in my opinion, an extremely poor understanding of the underlying technology of P2P interaction
d. The Davenport Lyons model, in my opinion, failed to apply accepted and fundamental mathematical principals in its calculation, including queuing theory, and would have difficulty in passing an applied mathematics assessment if submitted in an “A level” statistics paper.
e. There are a number of factors in any model for calculation of the quantum of damage resulting from a making available via P2P which it is impossible for the monitoring software to establish and the model relies upon unsubstantiated, and in some cases erroneous logic, assumptions.
f. There are a number of factors in any model for calculation of the quantum of damage resulting from a making available via P2P which, for technical and commercial reasons, that the monitoring software fails to record and the model relies upon unsubstantiated, and in some cases erroneous logic, assumptions.
g. There are a number of factors in any model for calculation of the quantum of damage resulting from a making available via P2P which, for commercial reasons, means that legal disclosure has not been requested that could substantiate the multipliers and the model relies upon unsubstantiated assumptions based upon seriously flawed logic, to complete other assumptions necessary for predictive analytics and the quantum is predicated on the results of all these assumptions.
h. The Davenport Lyons model was developed by a person with no academic qualifications or experience, of a technical or mathematical nature, that would be accepted by the courts as being of a standard sufficient to be classified as “Expert”.
b. The court accepted the Davenport Lyons quantum calculation without challenge
c. The model submitted by Davenport Lyons was based upon, in my opinion, an extremely poor understanding of the underlying technology of P2P interaction
d. The Davenport Lyons model, in my opinion, failed to apply accepted and fundamental mathematical principals in its calculation, including queuing theory, and would have difficulty in passing an applied mathematics assessment if submitted in an “A level” statistics paper.
e. There are a number of factors in any model for calculation of the quantum of damage resulting from a making available via P2P which it is impossible for the monitoring software to establish and the model relies upon unsubstantiated, and in some cases erroneous logic, assumptions.
f. There are a number of factors in any model for calculation of the quantum of damage resulting from a making available via P2P which, for technical and commercial reasons, that the monitoring software fails to record and the model relies upon unsubstantiated, and in some cases erroneous logic, assumptions.
g. There are a number of factors in any model for calculation of the quantum of damage resulting from a making available via P2P which, for commercial reasons, means that legal disclosure has not been requested that could substantiate the multipliers and the model relies upon unsubstantiated assumptions based upon seriously flawed logic, to complete other assumptions necessary for predictive analytics and the quantum is predicated on the results of all these assumptions.
h. The Davenport Lyons model was developed by a person with no academic qualifications or experience, of a technical or mathematical nature, that would be accepted by the courts as being of a standard sufficient to be classified as “Expert”.
30 September 2010, 11:11 PM
#30
Scooby Regular
Thread Starter
Join Date: May 2008
Posts: 3,957
Likes: 0
Received 0 Likes
on
0 Posts
Thread
Thread Starter
Forum
Replies
Last Post
serpico
ScoobyNet General
20
01 April 2019 07:47 AM
